Closed Bug 1026790 Opened 10 years ago Closed 9 years ago

coned.com customer site bill access broken on non Release builds

Categories

(Web Compatibility :: Site Reports, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: marcausl, Unassigned)

This may not be a Firefox bug but a coned problem, but maybe you can get their attention.

Their new online bill system will not display a list of bills, producing a useless error message instead.

web console shows:
postedge.documentmailbox.com : server does not support RFC 5746, see CVE-2009-3555

The site works on Firefox 30 and on Google Chrome.
Component: General → Desktop
OS: Windows 7 → All
Product: Firefox → Tech Evangelism
Hardware: x86_64 → All
Version: 33 Branch → unspecified
First question - is this even the problem?  The site is broken - it's not just the console message I'm concerned about.  Has enforcement been turned on?  If not I'll try to see what else is different.

Since this is inside the customer bill pay system, there is no way for non coned customers to work on it.
It's not a bug of Firefox, rather a security issue of the site. That's why this is triaged as a Tech Evangelism product. If you are a customer of that service, please contact the site to get it fixed.
Please pay attention.  The site works on fx30 and DOES NOT work on fx33.  I probably mistakenly thought that the rfc 5746 was the cause.  But if this is just a warning message, then the bug is elsewhere.  I need help in tracking it down.
Summary: coned.com does not support rfc 5746 → coned.com customer site bill access broken on fx 33
(In reply to Marc Auslander from comment #3)
> Please pay attention.  The site works on fx30 and DOES NOT work on fx33.  I
> probably mistakenly thought that the rfc 5746 was the cause.  But if this is
> just a warning message, then the bug is elsewhere.  I need help in tracking
> it down.

The first step would be figuring out when it regressed using mozregression.
I'm afraid whatever is going on is bizarre.

Facts:

firefox 30 release works correctly
firefox 31B2 - latest beta works correctly
nightly as far back as one of the version 28 nightlies fails!
the last nightly for version 31 built 4/28 fails
aurora 32A fails

Any ideas?
Is there something that gets changed when you go from nightly/aurora to beta?

All tests run with an empty profile.
Weird stuff! Could you try to keep the "Network" panel in dev tools open while opening the site, and compare the requests in a working and broken build? If the number/order of requests or size of responses changes it might give us an important clue.
(In reply to Marc Auslander from comment #5)
> I'm afraid whatever is going on is bizarre.
> 
> Facts:
> 
> firefox 30 release works correctly
> firefox 31B2 - latest beta works correctly
> nightly as far back as one of the version 28 nightlies fails!
> the last nightly for version 31 built 4/28 fails
> aurora 32A fails
> 
> Any ideas?
> Is there something that gets changed when you go from nightly/aurora to beta?
> 
> All tests run with an empty profile.

It's probably due to some feature / thing that's turned on on Nightly/Aurora and not on beta? Maybe? It'd still help to find the regression window on Nightly (might be before 28), in addition to what Hallvord said. It could also be that they do user agent detection in a way that detects the branding, although AFAICT most of the web-facing things we do shouldn't have a branding difference (UA string, navigator.appName, navigator.appCodeName) - maybe I'm missing one?
Last good revision: 08a034e1d43a (2013-02-23)
First bad revision: 195e706140d1 (2013-02-24)

I don't know how to save the debugger network output to compare runs.
Marc,

Save as HAR is not implemented yet. Bug 859058
The only way to make the comparison is either put a proxy in between or rely on a screenshot.
Be careful to not leak private information by doing that.
Flags: needinfo?(marcausl)
I don't know how to fetch the change log for the regression interval I reported above.  Maybe something will pop out if someone who knows something (not me :-) looks at it.
Someone should look at https://hg.mozilla.org/mozilla-central/rev/076b8758ecb0
from
https://bugzilla.mozilla.org/show_bug.cgi?id=818340

It has code which is turned off for the release.
Flags: needinfo?(marcausl)
So it doesn't seem to be a Tech Evangelism bug. Should we move that to an appropriate Product/Component?
(In reply to Marc Auslander from comment #10)
> I don't know how to fetch the change log for the regression interval I
> reported above.  Maybe something will pop out if someone who knows something
> (not me :-) looks at it.

http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=08a034e1d43a&tochange=195e706140d1

That does indeed have bug 818340 in it. Which was then later disabled for release. However... this is just a pref setting.


Marc, if you use nightly on this site, and in about:config, set network.cookie.cookieBehavior to '0', does that fix your issue?


It sounds like the site is relying on third-party cookies from a place that you don't explicitly visit. That would IMO still be a tech evangelism issue, but let's mark this blocking anyway.
Blocks: 818340
Flags: needinfo?(marcausl)
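
Added example (not part of the original thread): one way to do the working-versus-broken request comparison suggested in the comments above without leaking private data, and to surface the kind of third-party cookie difference diagnosed in the preceding comment. It assumes both proxy captures were exported as HAR JSON; the hosts, cookie names and values are constructed, and the last-two-labels site check is a simplification of a Public Suffix List lookup.

```python
from urllib.parse import urlsplit

def site_of(host):
    # Simplification: last two labels stand in for a Public Suffix List lookup.
    return ".".join(host.lower().split(".")[-2:])

def summarize(har, top_host):
    """Map (method, URL without query) -> redacted facts about each request."""
    out = {}
    for e in har["log"]["entries"]:
        req, u = e["request"], urlsplit(e["request"]["url"])
        hdrs = {h["name"].lower(): h["value"] for h in req["headers"]}
        # Keep cookie names only; values and query strings are dropped here.
        names = sorted(c.split("=", 1)[0].strip()
                       for c in hdrs.get("cookie", "").split(";") if c.strip())
        out[(req["method"], f"{u.scheme}://{u.netloc}{u.path}")] = {
            "third_party": site_of(u.hostname) != site_of(top_host),
            "cookies": names,
        }
    return out

def dropped_cookies(good_har, bad_har, top_host):
    """Requests whose cookies were sent in the working build but not the failing one."""
    good, bad = summarize(good_har, top_host), summarize(bad_har, top_host)
    findings = []
    for key in sorted(good):
        if key not in bad:
            findings.append((key[1], "request absent in failing build", []))
            continue
        lost = [n for n in good[key]["cookies"] if n not in bad[key]["cookies"]]
        if lost:
            kind = "third-party" if good[key]["third_party"] else "first-party"
            findings.append((key[1], f"{kind} cookies not sent", lost))
    return findings

def _entry(url, cookie=None, status=200):
    headers = [{"name": "Cookie", "value": cookie}] if cookie else []
    return {"request": {"method": "GET", "url": url, "headers": headers},
            "response": {"status": status}}

# Constructed captures (hypothetical hosts, cookie names and values).
GOOD = {"log": {"entries": [
    _entry("https://billing.example/account", "sid=aaa111"),
    _entry("https://docs.vendor.example/bills?acct=1", "vendor_session=s3cr3t; lang=en")]}}
BAD = {"log": {"entries": [
    _entry("https://billing.example/account", "sid=bbb222"),
    _entry("https://docs.vendor.example/bills?acct=1", status=403)]}}
print(dropped_cookies(GOOD, BAD, "billing.example"))
```

Only the redacted findings need to be attached to a public bug; the raw captures stay local.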
That pref "fixes" the issue.

IMHO you need to decide about this check and either go forward or turn it off always by default, leaving the pref for explicit testing.
Flags: needinfo?(marcausl)
Summary: coned.com customer site bill access broken on fx 33 → coned.com customer site bill access broken on non Release builds
I don't see any issues at http://coned.com/
Please reopen if there is a specific tech evangelism issue. If it's a different issue move to the right component.
Closing as worksforme.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
Product: Tech Evangelism → Web Compatibility